📖 Notes

Search (Ctrl+K)

SearchSearch

Recent Notes

See 1409 more sorted by tag →

PowerUpSQL

created Jan 08, 2024updated Apr 16, 20241 min read

Load in lab

To load in RTO lab: powershell-import C:\Tools\PowerUpSQL\PowerUpSQL.ps1

Enumerate:

# Find SQL servers in domain (FQDN, user, SPN, etc)
Get-SQLInstanceDomain
# Check for user's role on SQL server
Get-SQLConnectionTest -Instance "[fqdn],[port]"
# Enumerate SQL service
Get-SQLServerInfo -Instance "sql-2.dev.cyberbotic.io,1433"
# Do the above for all SQL Server instances
Get-SQLInstanceDomain | Get-SQLConnectionTest | ? { $_.Status -eq "Accessible" } | Get-SQLServerInfo
# Get servername
Get-SQLQuery -Instance "[srv-fqdn],1433" -Query "SELECT @@servername"

Run SQL:

Get-SQLQuery -Instance "[srv-fqdn],1433" -Query "[sql]"

Graph View

Backlinks